Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-32881

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32882

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the me... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-32884

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32885

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-21537

    Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Cash Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-32886

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-32887

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-32888

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-32889

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2024-42459

    In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.... Read more

    Affected Products : elliptic elliptic
    • Published: Aug. 02, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2024-42460

    In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.... Read more

    Affected Products : elliptic elliptic
    • Published: Aug. 02, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-32890

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the messa... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2025-3900

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.... Read more

    Affected Products : colorbox
    • Published: Apr. 23, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2025-28355

    Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none... Read more

    Affected Products : personal_management_system
    • Published: Apr. 18, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-48948

    The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because ... Read more

    Affected Products : elliptic elliptic
    • Published: Oct. 15, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2025-5033

    A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-s... Read more

    Affected Products : teacms
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-30194

    When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is... Read more

    Affected Products : dnsdist
    • Published: Apr. 29, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2023-6129

    Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attack... Read more

    Affected Products : openssl
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51970

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51969

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293611 Results